Hi,
I have a symmetrically encrypted pgp file here:
http://16s.us/word_machine/downloads/pgp-easy.tgz.pgp
gpg will accept the three characters !=X as the password and exit with a
return status of 0 (although it does not actually decrypt the file):
$ gpg -d pgp-easy.tgz.pgp
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
$ echo $?
0
!=X is not the plaintext password that was used to encrypt the file. I was
hoping someone on the list might be able to help me understand why this
might happen. Could it be a bug in gpg, or OpenPGP itself? Here is my gpg
version:
$ gpg --version
gpg (GnuPG) 1.4.12
Here is --list-packets:
$ gpg --list-packets pgp-easy.tgz.pgp
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
salt 8dd17929c3935452, count 65536 (96)
gpg: CAST5 encrypted data
:encrypted data packet:
length: unknown
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
I don't yet know the actual plaintext password or the exact
commands/program used to encrypt the file, but I should know in a few
days. This is a file that's apart of the defcon password cracking contest
and I came across this and wanted to mention it here.
I'm not subscribed to this list, so please cc me if you want to reach me.
Thanks,
Brad